Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2560

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2560
Last Modified 10 Sep 2008 03:34:04
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2560

Summary

DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi".

Vulnerable Systems

Application

  • Andreas Gohr Dokuwiki Release 2004-07-04

  • Andreas Gohr Dokuwiki Release 2004-07-07

  • Andreas Gohr Dokuwiki Release 2004-07-12

  • Andreas Gohr Dokuwiki Release 2004-07-21

  • Andreas Gohr Dokuwiki Release 2004-07-25

  • Andreas Gohr Dokuwiki Release 2004-08-08

  • Andreas Gohr Dokuwiki Release 2004-08-15a

  • Andreas Gohr Dokuwiki Release 2004-08-22

  • Andreas Gohr Dokuwiki Release 2004-09-12

  • Andreas Gohr Dokuwiki Release 2004-09-25

  • Andreas Gohr Dokuwiki Release 2004-09-30


References

BID - 11486

OSVDB - 11084

XF - dokuwiki-file-upload(17899)

CONFIRM - http://wiki.splitbrain.org/wiki:old_changes


Last Updated: 27 May 2016 10:39:32